[go: up one dir, main page]

CN100417127C - A User Management Method Based on Dynamic Host Configuration Protocol - Google Patents

A User Management Method Based on Dynamic Host Configuration Protocol Download PDF

Info

Publication number
CN100417127C
CN100417127C CNB021113734A CN02111373A CN100417127C CN 100417127 C CN100417127 C CN 100417127C CN B021113734 A CNB021113734 A CN B021113734A CN 02111373 A CN02111373 A CN 02111373A CN 100417127 C CN100417127 C CN 100417127C
Authority
CN
China
Prior art keywords
user
dhcp
client
dhcp server
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB021113734A
Other languages
Chinese (zh)
Other versions
CN1450766A (en
Inventor
赖胜晖
方军
唐珂
戴进
白英杰
张钢钢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CNB021113734A priority Critical patent/CN100417127C/en
Publication of CN1450766A publication Critical patent/CN1450766A/en
Application granted granted Critical
Publication of CN100417127C publication Critical patent/CN100417127C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种基于动态主机配置协议的用户管理方法,包括下列步骤:①客户端发出DHCP请求;②DHCP服务器响应客户端请求,建立用户控制信息,限制用户访问能力;③用户进行认证,并将认证结果返回给DHCP服务器;④DHCP服务器根据认证结果更新用户控制信息,并将新的网络配置发给客户端;⑤用户正常上网,DHCP服务器处理用户的其它DHCP信息。采用本发明所述方法,解决了用户使用DHCP接入时对用户管理的较弱的问题,可以选择多种认证方式,扩展方便,极大减轻网络维护负担。而且,本发明的方法很好地融合了DHCP便于网络配置的特性,同时又满足了接入服务器对用户管理的苛刻要求,使得DHCP成为一种可运营和方便易行的宽带接入方式。

The invention discloses a user management method based on a dynamic host configuration protocol, which comprises the following steps: ①The client sends out a DHCP request; ②The DHCP server responds to the client request, establishes user control information, and limits the user's access ability; ③Authenticates the user, and Return the authentication result to the DHCP server; ④The DHCP server updates the user control information according to the authentication result, and sends the new network configuration to the client; ⑤The user accesses the Internet normally, and the DHCP server processes other DHCP information of the user. By adopting the method of the invention, the problem of weak user management when the user uses DHCP to access is solved, multiple authentication modes can be selected, the expansion is convenient, and the network maintenance burden is greatly reduced. Moreover, the method of the present invention well integrates the feature of DHCP that is convenient for network configuration, and at the same time satisfies the strict requirements of the access server on user management, making DHCP an operable and convenient broadband access mode.

Description

一种基于动态主机配置协议的用户管理方法 A User Management Method Based on Dynamic Host Configuration Protocol

技术领域 technical field

本发明涉及宽带接入网,具体的说,涉及一种接入服务器对DHCP(DynamicHost Configuration Protocol动态主机配置协议)接入用户认证和管理的方法。The invention relates to a broadband access network, in particular to a method for an access server to authenticate and manage DHCP (DynamicHost Configuration Protocol) access users.

背景技术 Background technique

DHCP的全称是动态主机配置协议(Dynamic Host Configuration Protocol),由IETF(Internet网络工程师任务小组)设计,详尽的协议内容在RFC文档rfc2131。DHCP是BOOTP(Bootstrap Protocol,见RFC951)的扩展,基于C/S(Client/Server客户/服务)模式,提供一种动态指定IP地址和网络配置的机制,主要用于大型网络环境和配置比较困难的地方。网络管理员把网络配置的参数集中在运行DHCP服务器上,由DHCP服务器自动地为网络中的主机指定IP地址和路由等配置,DHCP服务器指定的配置参数有些和IP协议并不相关,但这并不会影响计算机之间的通信,相反,它的配置参数使得网络上的计算机通信变得方便而容易实现了。并且DHCP使得IP地址的可以被租用,这是相对于BOOTP的一个较为突出的功能,尤其对于拥有大量计算机的大型网络来说,如一所大学内的校园网,每台计算机静态拥有一个IP地址有时候可能是不必要的,DHCP服务器为每个IP地址指定一个租期,租期可以是1分钟,也可以是无限期,客户机也可以通过续租持续使用IP资源。当租期到了的时候,DHCP服务器可以回收这个IP地址,分配给别的机器使用,这个特性也很好地满足了接入服务器的要求。此外,DHCP还可以很好地满足移动服务,这是由于DHCP提供预约机制,客户机虽然物理位置发生了改变,但是客户机的基本信息仍然存在服务器中,当客户机再度发出请求时,如果该IP地址尚未被分配出去就仍然可以使用先前使用过的地址。The full name of DHCP is Dynamic Host Configuration Protocol (Dynamic Host Configuration Protocol), designed by IETF (Internet Network Engineer Task Force), and the detailed protocol content is in RFC document rfc2131. DHCP is an extension of BOOTP (Bootstrap Protocol, see RFC951). Based on the C/S (Client/Server client/service) mode, it provides a mechanism for dynamically specifying IP addresses and network configurations. It is mainly used in large-scale network environments and configurations are difficult. The place. The network administrator concentrates the network configuration parameters on the running DHCP server, and the DHCP server automatically specifies IP addresses and routing configurations for the hosts in the network. Some configuration parameters specified by the DHCP server are not related to the IP protocol, but this does not It will not affect the communication between computers, on the contrary, its configuration parameters make the computer communication on the network convenient and easy to realize. And DHCP allows IP addresses to be leased, which is a more prominent function compared to BOOTP, especially for large-scale networks with a large number of computers, such as a campus network in a university, where each computer has a static IP address. Sometimes it may be unnecessary. The DHCP server specifies a lease period for each IP address. The lease period can be 1 minute or indefinitely. The client can also continue to use IP resources by renewing the lease. When the lease expires, the DHCP server can recycle the IP address and distribute it to other machines. This feature also satisfies the requirements of the access server. In addition, DHCP can also satisfy mobile services very well. This is because DHCP provides a reservation mechanism. Although the physical location of the client computer has changed, the basic information of the client computer still exists in the server. Previously used addresses can still be used if the IP address has not been assigned.

DHCP可以很好地使用在企业内部的局域网中,极大地减轻TCP/IP网络的规划、管理和维护的负担,自动进行IP地址的分配与回收,基本上不需要人为干预。但这种传统的DHCP组网方式仅仅是一种企业级的IP网络,是基于企业内部信任并不进行运营的网络,从运营商的角度来看是零管理的网络,尤其是DHCP Server主要用于管理网络配置,对用户的管理以集合的方式进行,除IP地址外,多个用户使用相同的网络配置,一个小小的改动就会影响整个网络,且不能动态地修改,需要管理员人工干预,所以适合在相对稳定的企业内部网中使用。但接入网要求能为单个用户提供定制服务,每个用户的配置是独立的,并且可以动态更新,以满足管理的需要。所以当把DHCP作为宽带接入的一个业务实现方式的时候,现有技术不能很好地对用户进行必要的管理。DHCP can be well used in the internal LAN of the enterprise, greatly reducing the burden of planning, management and maintenance of the TCP/IP network, and automatically assigning and recycling IP addresses, basically without human intervention. However, this traditional DHCP networking method is only an enterprise-level IP network, which is based on the internal trust of the enterprise and does not operate. From the perspective of the operator, it is a zero-management network, especially the DHCP Server is mainly used For network configuration management, users are managed in a collective manner. Except for IP addresses, multiple users use the same network configuration. A small change will affect the entire network, and it cannot be modified dynamically, requiring manual work by the administrator. Intervention, so it is suitable for use in a relatively stable intranet. However, the access network is required to provide customized services for a single user. The configuration of each user is independent and can be dynamically updated to meet management needs. Therefore, when DHCP is used as a service realization mode of broadband access, the existing technology cannot perform necessary management on users well.

发明内容 Contents of the invention

本发明的目的是为了克服了现有技术中的对DHCP缺少运营管理机制的缺点,提出一种充分利用DHCP方便网络管理的特性,实现对DHCP接入用户的一种有效认证和管理的方法。The purpose of the present invention is to overcome the shortcoming of the lack of operation and management mechanism for DHCP in the prior art, to propose a method for fully utilizing the characteristics of DHCP to facilitate network management, and to realize effective authentication and management of DHCP access users.

本发明的核心思想是:通过引入用户的的控制信息,增强DHCP Server对用户的管理功能,控制信息可以影响DHCP的协商过程和用户的上网行为。而用户控制信息的获得与变更则与用户的认证密切相关,从而很好地满足了接入网中对用户认证和管理的要求。The core idea of the present invention is: by introducing the control information of the user, the management function of the DHCP Server to the user is enhanced, and the control information can affect the negotiation process of the DHCP and the online behavior of the user. The acquisition and change of user control information is closely related to user authentication, thus satisfying the requirements for user authentication and management in the access network.

本发明的技术方案是这样实现的。一种基于动态主机配置协议的用户管理方法,包括下列步骤:The technical scheme of the present invention is achieved in this way. A user management method based on Dynamic Host Configuration Protocol, comprising the following steps:

①客户端发出DHCP请求;①The client sends a DHCP request;

②DHCP服务器响应客户端请求,建立用户控制信息,限制用户访问能力;②The DHCP server responds to the client request, establishes user control information, and restricts user access capabilities;

③用户进行认证,并将认证结果返回给DHCP服务器;③ The user performs authentication and returns the authentication result to the DHCP server;

④DHCP服务器根据认证结果更新用户控制信息,并将新的网络配置发给客户端;④The DHCP server updates the user control information according to the authentication result, and sends the new network configuration to the client;

⑤用户正常上网,DHCP服务器处理用户的其它DHCP信息。⑤The user goes online normally, and the DHCP server processes other DHCP information of the user.

所述步骤②中的用户控制信息包括但不限于:客户机的MAC地址,VLANDID和接入端的硬件信息。The user control information in the step ② includes but not limited to: MAC address of the client, VLANDID and hardware information of the access terminal.

所述的DHCP服务器是内置在接入服务器中的。The DHCP server is built in the access server.

所述步骤②中DHCP服务器响应客户端请求包括从指定的IP地址池中分配给客户端一个IP地址以及相应的网络配置。这里的IP地址可以是一个私网地址。In the step ②, the DHCP server responds to the client request including assigning an IP address and corresponding network configuration to the client from the specified IP address pool. The IP address here may be a private network address.

所述步骤③中的认证可以是WEB认证,也可以是其它的认证,但是所采用得认证方式必须能够与DHCP服务器之间进行消息交互,使得DHCP服务器能够获得客户端认证结果。The authentication in step ③ can be WEB authentication or other authentication, but the authentication method adopted must be able to exchange messages with the DHCP server, so that the DHCP server can obtain the client authentication result.

所述步骤④中更新用户控制信息是指给用户在保持用户在线的条件下,通过更换用户控制信息以改变用户的访问能力,并将相应配置传给客户端,或者仍然让用户使用原来的私网地址,对此情况系统可以提供NAT(网络地址转换协议)转换。Updating the user control information in the step ④ refers to changing the user's access ability by changing the user control information under the condition of keeping the user online, and passing the corresponding configuration to the client, or allowing the user to use the original private In this case, the system can provide NAT (Network Address Translation Protocol) translation.

所述步骤①中对未通过认证的非法用户和用户认证超时,DHCP服务器将收回IP地址,强制拆线,并生成记录。In the step ①, for illegal users who have not passed the authentication and user authentication timeout, the DHCP server will take back the IP address, forcibly disconnect the connection, and generate a record.

采用本发明所述方法,解决了用户使用DHCP接入时对用户管理的较弱的问题,可以选择多种认证方式,扩展方便,极大减轻网络维护负担。而且,本发明的方法很好地融合了DHCP便于网络配置的特性,同时又满足了接入服务器对用户管理的苛刻要求,使得DHCP成为一种可运营和方便易行的宽带接入方式。The method of the invention solves the problem of weak user management when the user uses DHCP to access, can choose multiple authentication methods, is convenient to expand, and greatly reduces the burden of network maintenance. Moreover, the method of the present invention well integrates the feature of DHCP that is convenient for network configuration, and at the same time satisfies the strict requirements of the access server on user management, making DHCP an operable and convenient broadband access mode.

附图说明 Description of drawings

图1是本发明提出的基于动态主机配置协议的用户管理方法的流程图。Fig. 1 is a flow chart of the user management method based on the dynamic host configuration protocol proposed by the present invention.

图2是本发明的一个实施例的DHCP接入的实现原理图。Fig. 2 is an implementation principle diagram of DHCP access according to an embodiment of the present invention.

具体实施方式 Detailed ways

下面结合附图对本发明做进一步的详细说明。The present invention will be described in further detail below in conjunction with the accompanying drawings.

图1是本发明提出的基于动态主机配置协议的用户管理方法的流程图。如图1所示,一种基于动态主机配置协议的用户管理方法,包括下列步骤:①客户端发出DHCP请求;②DHCP服务器响应客户端请求,建立用户控制信息,限制用户访问能力;③用户进行认证,并将认证结果返回给DHCP服务器;④DHCP服务器根据认证结果更新用户控制信息,并将新的网络配置发给客户端;⑤用户正常上网,DHCP服务器处理用户的其它DHCP信息。Fig. 1 is a flow chart of the user management method based on the dynamic host configuration protocol proposed by the present invention. As shown in Figure 1, a user management method based on the Dynamic Host Configuration Protocol comprises the following steps: 1. the client sends a DHCP request; 2. the DHCP server responds to the client request, establishes user control information, and restricts user access capabilities; 3. authenticates the user , and return the authentication result to the DHCP server; ④The DHCP server updates the user control information according to the authentication result, and sends the new network configuration to the client; ⑤The user accesses the Internet normally, and the DHCP server processes other DHCP information of the user.

用户认证前,运行DHCP客户端的用户主机发起DHCP请求到接入服务器,内置在接入服务器上的DHCP服务器从某个指定的IP地址池中分配给客户端一个IP地址(大部分情况是私网地址),分配地址是标准的DHCP协商过程,但为了达到可管理的目的,需要在接入服务器上建立用户的控制信息,以管理用户的上网行为。Before user authentication, the user host running the DHCP client initiates a DHCP request to the access server, and the DHCP server built in the access server allocates an IP address to the client from a specified IP address pool (in most cases, private network address), assigning addresses is a standard DHCP negotiation process, but in order to achieve manageability, it is necessary to establish user control information on the access server to manage users' online behavior.

建立用户控制信息的时候,DHCP服务器利用DHCP协商过程中收集到的客户端的基本信息,包括客户机的MAC地址,VLAN ID和接入端口等硬件信息,以此作为用户的唯一标识,并与IP地址和控制信息建立一一对应的关系。这个唯一标识不是固定的,其生存期是从用户开始申请IP地址,上网到下线的一段时间内。这样做的好处之一是假如用户更换了网卡或改变的接入位置,网管不需要做相应的改动。When establishing user control information, the DHCP server uses the basic information of the client collected during the DHCP negotiation process, including hardware information such as the client's MAC address, VLAN ID, and access port, as the unique identifier of the user, and is associated with the IP address. Addresses and control information establish a one-to-one correspondence. This unique identifier is not fixed, and its lifetime is a period of time from when the user starts to apply for an IP address, when he goes online to when he goes offline. One of the advantages of this is that if the user changes the network card or changes the access location, the network management does not need to make corresponding changes.

建立用户控制信息之后,认证之前,客户端与DHCP服务器仍然会定期进行DHCP协商(主要是进行IP地址续租,详见DHCP协议),DHCP服务器仍然为客户端服务,但用户控制信息会判断用户是否超过规定认证时间,并适时将用户剔下线,回收IP资源。传统的DHCP服务器仅设一个租期,且如果用户不主动下线的话,就一直能使用分配好的IP地址。After the user control information is established and before the authentication, the client and the DHCP server will still conduct regular DHCP negotiations (mainly for IP address renewal, see the DHCP protocol for details), the DHCP server will still serve the client, but the user control information will determine the user Whether the specified authentication time is exceeded, and the user will be removed from the line in due course to recover IP resources. The traditional DHCP server only sets a lease period, and if the user does not take the initiative to go offline, the assigned IP address can always be used.

用户获得IP地址后,就可以部分实现上网功能,但在控制信息的作用下,上网是受限的,因为此时尚未对用户进行认证。关于认证的方式已超出本文范围,这里以WEB认证为例说明其中的过程:认证前的用户只能访问与认证有关的指定的网站,或者接入服务器可以将用户的所有HTTP请求定向到某个指定的WEB服务器上(需要重定向功能),在用户主机上所见到的就是一个请求输入用户名和密码的登录页面,WEB服务器接收用户名和密码,送至AAA(认证,计费和授权服务器)服务器进行认证,并将结果发给接入服务器。这仅是一种可能的认证方式,实际应用的时候可以选择其它成熟方案,本文不作详细介绍。After the user obtains the IP address, he can partially realize the function of surfing the Internet, but under the action of the control information, the Internet access is restricted because the user has not been authenticated at this time. The authentication method is beyond the scope of this article. Here we take WEB authentication as an example to illustrate the process: the user before authentication can only visit the specified website related to authentication, or the access server can direct all the HTTP requests of the user to a certain On the specified WEB server (redirection function is required), what you see on the user host is a login page requesting to enter the user name and password. The WEB server receives the user name and password and sends them to AAA (authentication, accounting and authorization server) The server performs authentication and sends the result to the access server. This is only a possible authentication method. In actual application, other mature solutions can be selected, and this article will not introduce them in detail.

若用户认证通过,接入服务器根据认证结果重新配置用户的控制信息,按照为用户开户时所制定的规则实现用户的上网功能。并且在紧接着刷新用户控制信息后的DHCP协商过程中,将新的网络配置发给客户端。目前有两种较常用的更新方式,一是给用户换一个公网地址,另一个是仍然使用原来的私网地址,但提供NAT(网络地址转换协议)转换。传统的DHCP服务器则无法做到这样动态地更新用户的网络配置,需要管理员的干预。如果认证不通过,则注销用户控制信息,即使用户的IP地址仍然在租期内尚未失效,但是在接入服务器上已经没有相应的控制信息,用户还是无法使用网络。If the user passes the authentication, the access server reconfigures the user's control information according to the authentication result, and implements the user's Internet access function according to the rules established when the user opened an account. And in the DHCP negotiation process immediately after refreshing the user control information, the new network configuration is sent to the client. Currently, there are two commonly used update methods, one is to change a public network address for the user, and the other is to still use the original private network address, but provide NAT (Network Address Translation Protocol) conversion. The traditional DHCP server cannot dynamically update the user's network configuration in this way, requiring the intervention of the administrator. If the authentication fails, the user control information is canceled. Even if the user's IP address is still within the lease period, but there is no corresponding control information on the access server, the user still cannot use the network.

认证通过后的用户开始正常的上网,而DHCP服务器只处理DHCP消息,不干涉用户的上网过程,基本不占用用户的带宽,此时的控制信息承担流量控制,链路检测和计费等功能。After passing the authentication, the user starts to surf the Internet normally, and the DHCP server only processes the DHCP message, does not interfere with the user's Internet access process, and basically does not occupy the user's bandwidth. At this time, the control information undertakes functions such as flow control, link detection, and billing.

图2是本发明的一个实施例的DHCP接入的实现原理图。如图2所示,用户A通过交换机B接入到宽带接入服务器C中,并从接入服务器C获得私网IP地址,以及DNS,掩码和路由配置(DNS地址,掩码和路由都是事先配置到DHCP服务器的数据库中,再通过DHCP协商配置到客户端)。接入服务器C则通过配置用户A的控制信息使得用户A只能访问宽带接入门户D。然后用户A主动登录宽带接入门户D,或者由接入服务器C将用户A的所有访问请求转到宽带接入门户D(需要重定向功能)。用户A登录宽带接入门户D后,访问的第一个页面就是身份认证页面,要求用户A输入用户名和密码,然后宽带接入门户D将信息送至E进行认证(或中间经过宽带接入服务器C中转),并将认证结果返回到宽带接入服务器C,刷新相应的用户控制信息,同时通知用户A认证结果。对于认证通过的用户A,宽带接入服务器C根据认证后的用户控制信息与用户A进行DHCP协商,协商的结果可以是用户A继续使用私网IP也可以是使用新的公网IP,视系统配置情况而定。若使用私网则宽带接入服务器C需要添加NAT功能或外接一个NAT服务器(图2中未表示)将用户A的私网IP转换成公网IP,使用公网IP则相对简单。刷新客户端的网络配置后,在宽带接入服务器C的管理下,用户A就可实现宽带接入的功能,通过路由器F访问internet了。Fig. 2 is an implementation principle diagram of DHCP access according to an embodiment of the present invention. As shown in Figure 2, user A accesses broadband access server C through switch B, and obtains private network IP address, DNS, mask and routing configuration from access server C (DNS address, mask and routing are all It is configured in the database of the DHCP server in advance, and then configured to the client through DHCP negotiation). The access server C enables the user A to only access the broadband access portal D by configuring the control information of the user A. Then user A actively logs in to the broadband access portal D, or the access server C transfers all access requests of user A to the broadband access portal D (redirection function is required). After user A logs in to broadband access portal D, the first page he visits is the identity authentication page, which requires user A to enter a user name and password, and then broadband access portal D sends the information to E for authentication (or passes through the broadband access server C relay), and return the authentication result to the broadband access server C, refresh the corresponding user control information, and notify user A of the authentication result at the same time. For user A who has passed the authentication, the broadband access server C conducts DHCP negotiation with user A according to the user control information after authentication. The result of the negotiation can be that user A continues to use the private network IP or use a new public network IP, depending on the system Depends on the configuration. If a private network is used, the broadband access server C needs to add a NAT function or an external NAT server (not shown in Figure 2) to convert the private network IP of user A into a public network IP, and using the public network IP is relatively simple. After updating the network configuration of the client, under the management of the broadband access server C, user A can realize the function of broadband access and access the Internet through router F.

Claims (8)

1. 一种基于动态主机配置协议的用户管理方法,其特征在于包括下列步骤:1. A user management method based on Dynamic Host Configuration Protocol, characterized in that comprising the following steps: ①客户端发出DHCP请求;①The client sends a DHCP request; ②DHCP服务器响应客户端请求,建立用户控制信息,限制用户访问能力;所述用户控制信息包括但不限于:客户机的MAC地址,VLAND ID和接入端的硬件信息;②The DHCP server responds to the client request, establishes user control information, and limits user access capabilities; the user control information includes but is not limited to: the MAC address of the client computer, the VLAND ID and the hardware information of the access terminal; ③用户进行认证,并将认证结果返回给DHCP服务器;③ The user performs authentication and returns the authentication result to the DHCP server; ④DHCP服务器根据认证结果更新用户控制信息,并将新的网络配置发给客户端;所述更新用户控制信息是指在保持用户在线的条件下,通过更换用户控制信息以改变用户的访问能力,并将相应配置传给客户端;④The DHCP server updates the user control information according to the authentication result, and sends the new network configuration to the client; the update of the user control information refers to changing the user's access ability by replacing the user control information under the condition of keeping the user online, and Pass the corresponding configuration to the client; ⑤用户正常上网,DHCP服务器处理用户的其它DHCP信息。⑤The user goes online normally, and the DHCP server processes other DHCP information of the user. 2. 根据权利要求1所述的一种基于动态主机配置协议的用户管理方法,其特征在于所述的DHCP服务器是内置在接入服务器中的。2. A kind of user management method based on Dynamic Host Configuration Protocol according to claim 1, is characterized in that described DHCP server is built in the access server. 3. 根据权利要求1所述的一种基于动态主机配置协议的用户管理方法,其特征在于所述步骤②中DHCP服务器响应客户端请求包括从指定的IP地址池中分配给客户端一个IP地址以及相应的网络配置。3. A kind of user management method based on Dynamic Host Configuration Protocol according to claim 1, it is characterized in that described step 2. DHCP server responds to client request and comprises assigning an IP address to client from the specified IP address pool and the corresponding network configuration. 4. 根据权利要求3所述的一种基于动态主机配置协议的用户管理方法,其特征在于所述的IP地址是一个私网地址。4. A kind of user management method based on Dynamic Host Configuration Protocol according to claim 3, is characterized in that described IP address is a private network address. 5. 根据权利要求1所述的一种基于动态主机配置协议的用户管理方法,其特征在于所述步骤③中的认证是WEB认证。5. A kind of user management method based on Dynamic Host Configuration Protocol according to claim 1, is characterized in that the authentication in described step 3. is WEB authentication. 6. 根据权利要求1所述的一种基于动态主机配置协议的用户管理方法,其特征在于所述步骤④中更新用户控制信息是指仍然让用户使用原来的私网地址,但是提供NAT转换。6. A kind of user management method based on Dynamic Host Configuration Protocol according to claim 1, it is characterized in that updating user control information in the described step 4. refers to still allowing the user to use the original private network address, but providing NAT conversion. 7. 根据权利要求1所述的一种基于动态主机配置协议的用户管理方法,其特征在于所述步骤①中对未通过认证的非法用户,DHCP服务器将收回IP地址,强制拆线,并生成记录。7. A kind of user management method based on Dynamic Host Configuration Protocol according to claim 1, it is characterized in that in described step 1. to the illegal user that does not pass authentication, DHCP server will take back IP address, disconnect by force, and generate Record. 8. 根据权利要求1所述的一种基于动态主机配置协议的用户管理方法,其特征在于对于用户认证超时,DHCP服务器将收回IP地址,强制拆线,并生成记录。8. A kind of user management method based on Dynamic Host Configuration Protocol according to claim 1, it is characterized in that for user authentication overtime, DHCP server will take back IP address, disconnect by force, and generate record.
CNB021113734A 2002-04-10 2002-04-10 A User Management Method Based on Dynamic Host Configuration Protocol Expired - Lifetime CN100417127C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021113734A CN100417127C (en) 2002-04-10 2002-04-10 A User Management Method Based on Dynamic Host Configuration Protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021113734A CN100417127C (en) 2002-04-10 2002-04-10 A User Management Method Based on Dynamic Host Configuration Protocol

Publications (2)

Publication Number Publication Date
CN1450766A CN1450766A (en) 2003-10-22
CN100417127C true CN100417127C (en) 2008-09-03

Family

ID=28680557

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021113734A Expired - Lifetime CN100417127C (en) 2002-04-10 2002-04-10 A User Management Method Based on Dynamic Host Configuration Protocol

Country Status (1)

Country Link
CN (1) CN100417127C (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100636143B1 (en) * 2004-06-02 2006-10-18 삼성전자주식회사 Automatic setting method and device of wireless network device
FI20040978A0 (en) * 2004-07-13 2004-07-13 Nokia Corp System, Method, Web Objects, and Computer Programs to Manage Dynamic Host Configuration Policy Frame Configuration
CN100352220C (en) * 2004-11-18 2007-11-28 中兴通讯股份有限公司 Safety access method based on dynamic host configuration arrangment and network gate verification
CN100376095C (en) * 2004-12-09 2008-03-19 腾讯科技(深圳)有限公司 Method and system for self difining user identity
CN100388666C (en) 2004-12-09 2008-05-14 腾讯科技(深圳)有限公司 Method and system for controlling data transmission process
KR20070104566A (en) * 2005-01-24 2007-10-26 사이트릭스 시스템스, 인크. System and method for caching dynamically generated objects in a network
NO323215B1 (en) * 2005-02-04 2007-01-29 Tandberg Telecom As Firewall / NAT Protected Network Monitoring and Configuration Procedure
CN100388739C (en) * 2005-04-29 2008-05-14 华为技术有限公司 Method and system for implementing DHCP address security allocation
CN101141492B (en) * 2005-04-29 2014-11-05 华为技术有限公司 Method and system for implementing DHCP address safety allocation
CN1909482A (en) * 2005-08-05 2007-02-07 华为技术有限公司 Method for realizing detection of DHCP service performance
CN1921496B (en) * 2005-08-24 2010-04-14 中兴通讯股份有限公司 A method for DHCP client to identify DHCP server
CN101145907B (en) * 2006-09-11 2010-05-12 华为技术有限公司 Method and system for realizing user authentication based on DHCP
CN101247297B (en) * 2007-02-16 2010-07-14 华为技术有限公司 Device, system and method for automatic configuration of application terminals in home network
CN100499528C (en) * 2007-04-25 2009-06-10 华为技术有限公司 DHCP monitoring method and apparatus thereof
CN100586106C (en) * 2007-05-22 2010-01-27 华为技术有限公司 Message processing method, system and device
CN101340287A (en) * 2007-07-02 2009-01-07 华为技术有限公司 A network access authentication method, system and device
CN101350809A (en) * 2007-07-19 2009-01-21 华为技术有限公司 A method and system for realizing authentication
CN101355474B (en) 2007-07-25 2010-09-08 华为技术有限公司 Method and device for requesting and allocating connection point addresses
CN101447976B (en) * 2007-11-26 2013-01-09 华为技术有限公司 Method for accessing dynamic IP session, system and device thereof
CN101588357B (en) * 2008-05-23 2013-06-05 鸿富锦精密工业(深圳)有限公司 Router and method for indentifying user identity applying same
CN102307247B (en) * 2011-08-22 2013-04-03 神州数码网络(北京)有限公司 Dynamic address allocation method for dynamic host configuration protocol (DHCP) and system
CN103152255B (en) * 2013-02-20 2016-06-29 神州数码网络(北京)有限公司 The method and apparatus that a kind of data forward
CN104683490B (en) * 2013-11-27 2018-05-04 华为技术有限公司 The recovery method and device of Internet protocol address
CN106034166B (en) * 2015-03-19 2020-03-10 中兴通讯股份有限公司 Network parameter configuration method and device of local area network
CN106331203B (en) * 2015-07-01 2021-01-01 中兴通讯股份有限公司 User access control method and device, relay equipment and server
CN108156168A (en) * 2017-12-31 2018-06-12 深圳键桥通讯技术股份有限公司 Broadband cut-in user managing method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010088983A (en) * 2001-08-30 2001-09-29 허기행 The method to apply network policy and to prevent the cracking or hacking for the network client group using floating IP adress
JP2002026954A (en) * 2000-07-03 2002-01-25 Nec Soft Ltd Network address management system and its method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002026954A (en) * 2000-07-03 2002-01-25 Nec Soft Ltd Network address management system and its method
KR20010088983A (en) * 2001-08-30 2001-09-29 허기행 The method to apply network policy and to prevent the cracking or hacking for the network client group using floating IP adress

Also Published As

Publication number Publication date
CN1450766A (en) 2003-10-22

Similar Documents

Publication Publication Date Title
CN100417127C (en) A User Management Method Based on Dynamic Host Configuration Protocol
CN101465856B (en) Method and system for controlling user access
EP1876754B1 (en) Method system and server for implementing dhcp address security allocation
US9237147B2 (en) Remote access manager for virtual computing services
US8291489B2 (en) Method and apparatus for registering auto-configured network addresses based on connection authentication
US8713641B1 (en) Systems and methods for authorizing, authenticating and accounting users having transparent computer access to a network using a gateway device
EP1760950B1 (en) A method for distributing the service according to the type of the terminal
US8605582B2 (en) IP network system and its access control method, IP address distributing device, and IP address distributing method
US20070204051A1 (en) Proxy Dns For Web Browser Request Redirection In Public Hotspot Accesses
JP3831364B2 (en) Communication system and security policy distribution method in the communication system
IL154132A (en) Enabling seamless user mobility in a short-range wireless networking environment
US20100312818A1 (en) Configuration of Routers for DHCP Service Requests
CN101212374A (en) Method and system for realizing remote access to campus network resources
CN102594635A (en) Home-gateway-based terminal access method and system, and home gateway
JP2007221533A (en) PPP gateway device
CN110366844A (en) Improvements in and related to network communications
CN100365591C (en) Client-based Network Address Assignment Method
CN101084657A (en) Gateway, network configuration, and method for controlling access to web server
CN110445889A (en) Switch ip address management method and system under a kind of ethernet environment
CN114944927B (en) Clientless Mutual Exclusive Access Platform Based on Portal Authentication
KR100745434B1 (en) A network access method and apparatus, and a recording medium
WO2012034428A1 (en) Method and service node for ip address reassignment
CN1921496B (en) A method for DHCP client to identify DHCP server
CN100449989C (en) A Method of Triggering 802.1X Authentication Process
CN106330894B (en) SAVI proxy authentication system and method based on link-local address

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term
CX01 Expiry of patent term

Granted publication date: 20080903